ELK Installation Notes

Preface:

Before installing ELK, first take a look at the ELK architecture diagram:

System environment:

CentOS 6.5 x86_64
192.169.0.2 (server side): indexer/broker, running elasticsearch, redis and kibana
192.169.0.3 (client side): shipper, the nginx server; logstash collects its logs

Part 1: Server side (192.169.0.2)

1: First install Java

I first installed the two rpm packages java-1.7.0-openjdk and java-1.7.0-openjdk-devel, but got all sorts of errors; after half a day of chasing them down there were still small problems. In the end I gave up on the quick route and switched to the official Oracle Java. I downloaded the original version, installed it, and everything worked:

Download address: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
The official site is too slow; I found a third-party download address, as follows
wget -S https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/NSG/common/x86_64/jdk-7u79-linux-x64.rpm
Install: rpm -ivh jdk-7u79-linux-x64.rpm

Set the environment variables Java needs: vim /etc/profile and append the following to the end of the file
export JAVA_HOME=/usr/java/latest
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH

2: Install elasticsearch

This component is not hard to install, but I don't recommend the official yum repository: installing via yum was painfully slow, so I downloaded the rpm package directly from the official site and installed it, problem solved.

Download address: https://www.elastic.co/downloads/elasticsearch
Download and install, as follows:
wget -S https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.1.1/elasticsearch-2.1.1.rpm
[root@localhost peiqiang]#rpm -ivh elasticsearch-2.1.1.rpm
[root@localhost peiqiang]#/etc/init.d/elasticsearch start

Query local port 9200; if you get the following, the installation succeeded:
[root@localhost ~]# curl -XGet localhost:9200
{
  "name" : "Quasar II",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.1.1",
    "build_hash" : "40e2c53a6b6c2972b3d13846e450e66f4375bd71",
    "build_timestamp" : "2015-12-15T13:05:55Z",
    "build_snapshot" : false,
    "lucene_version" : "5.3.1"
  },
  "tagline" : "You Know, for Search"
}

Install plugins. I don't yet know what these plugins do; install them first and study them later:
/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
/usr/share/elasticsearch/bin/plugin install lukas-vlcek/bigdesk
/usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf

3: Install logstash

Download address: https://www.elastic.co/downloads/logstash
wget -S https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.1.1-1.noarch.rpm
[root@localhost peiqiang]# rpm -ivh logstash-2.1.1-1.noarch.rpm
Preparing...                ########################################### [100%]
   1:logstash               ########################################### [100%]

[root@localhost ~]# /etc/init.d/logstash start
logstash started.

Test whether the installation succeeded; output like the following means it worked:
[root@localhost ~]# /opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
I am budong
Settings: Default filter workers: 4
Logstash startup completed
2016-01-15T07:12:24.373Z localhost.localdomain I am budong

4: Install kibana

Download address: https://www.elastic.co/downloads/kibana
Download and install:
wget -S https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz
tar zxvf kibana-4.3.1-linux-x64.tar.gz
mv kibana-4.3.1-linux-x64 /usr/local/kibana
/usr/local/kibana/bin/kibana &

Access port 5601 in a browser; mine is http://172.16.153.49:5601. If the page renders normally, the installation succeeded

5: Install redis

yum -y install redis
/etc/init.d/redis start

Part 2: Client side (192.169.0.3)

Install logstash, following step 3 of Part 1

Part 3: Configuration and use

1: Write grok rules

2: Learn to use kibana

I'll cover the details of how to use them in a follow-up post
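As an added example (not from these notes), here is a minimal pair of Logstash configs for the layout above: the shipper on 192.169.0.3 tails the nginx access log and pushes events to a redis list on 192.169.0.2, and the indexer on 192.169.0.2 pops them, parses them with the built-in COMBINEDAPACHELOG grok pattern (nginx's default log format matches it) and writes them to elasticsearch. The config file paths, the nginx log path and the redis list key `logstash` are assumptions.

```logstash
# ---- /etc/logstash/conf.d/shipper.conf  (client 192.169.0.3; assumed path) ----
input {
  file {
    path => "/var/log/nginx/access.log"   # assumed nginx log location
    start_position => "beginning"
    type => "nginx-access"                # tag so the indexer knows which grok to apply
  }
}
output {
  redis {
    host => "192.169.0.2"
    data_type => "list"
    key => "logstash"                     # assumed list name; the indexer must use the same
  }
}

# ---- /etc/logstash/conf.d/indexer.conf  (server 192.169.0.2; assumed path) ----
input {
  redis {
    host => "127.0.0.1"
    data_type => "list"
    key => "logstash"
  }
}
filter {
  if [type] == "nginx-access" {
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
      # lines the pattern does not match get the _grokparsefailure tag;
      # keep them so gaps in the rule are visible in kibana instead of silently dropped
    }
    date {
      # index by the request time from the log line, not the time of ingestion
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "nginx-%{+YYYY.MM.dd}"       # daily indices make retention and deletion simple
  }
}
```

The redis list carries the raw log lines unauthenticated, so if redis.conf on 192.169.0.2 only binds 127.0.0.1 the shipper cannot reach it, and when you open it up, restrict port 6379 to the shipper's address with iptables or set `requirepass` in redis.conf and the matching `password` option in both redis plugins.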


References:

Official site: https://www.elastic.co/

Network big-data analysis: using ElasticSearch + LogStash + Kibana to visualise network traffic: http://blog.csdn.net/yeasy/article/details/45332493

Building a centralised log analysis platform with ELK (Elasticsearch + Logstash + Kibana) in practice: http://wsgzao.github.io/post/elk/

ELKstack Chinese guide: http://kibana.logstash.es/